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IN THE CLAIMS 

Please amend Claims 1, 2, 5, 6, 10, 12, 13, 16, 17, 21 and 23-26 as indicated. 

1. (Currently amended) A method for providing automated tracking of security 
vulnerabilities, comprising: 

using a computing device to perform a security vulnerability assessment on a system; 
detecting the presence of a security vulnerability in the system: and 
responsive to detecting the presence of the security vulnerability: 

storing data obtained from the security vulnerability assessment in a 
security vulnerability database; 

determining, using a computer program, a security vulnerability score 
based on a plurality of security vulnerability factors identified by the security 
vulnerability assessment; and 

determining a time to fix a the security vulnerability identified detected by 
the security vulnerability assessment of the system based on the determined 
security vulnerability score. 

2. (Currently amended) The method of claim 1, wherein determining the security 
vulnerability factor further comprises considering measuring the frequency the identified 
detected security vulnerability occurs in the system. 

3. (Previously Presented) The method of claim 2, wherein determining the security 
vulnerability factor further comprises the criticality of an element in the system presenting the 
security vulnerability and a rating of the severity of the security vulnerability. 

4. (Previously Presented) The method of claim 1 further comprising determining an IP 
address associated with the security vulnerability. 
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5. (Currently amended) The method of claim 4 further comprising entering the IP address 
and a description of the identified detected security vulnerability in a tracking database. 

6. (Currently amended) The method of claim 1 further comprising determining delinquent 
security vulnerabilities based upon the determined time to fix the security vulnerability identified 
detected by the security vulnerability assessment. 

7. (Original) The method of claim 6 further comprising providing notification of 
determined delinquencies. 

8. (Previously Presented) The method of claim 6 further comprising re -running a scan 
profile when notification is received that the security vulnerability has been fixed. 

9. (Previously Presented) The method of claim 8 further comprising determining whether 
the security vulnerability still exists and archiving records associated with the security 
vulnerability when the security vulnerability does not still exist. 

10. (Currently amended) A method for determining a criticality factor for a security 
vulnerability in a computer system, comprising: 

entering in a database security vulnerabilities identified detected in the computer system 
during a security vulnerability assessment; 

measuring monitoring a frequency of occurrence for the identified detected security 
vulnerabilities; and 

assigning a security vulnerability factor to a detected security vulnerability based upon 
the frequency of occurrence of the security vulnerability in the system. 

11. (Previously Presented) The method of claim 10, wherein the assigning a security 
vulnerability factor further comprises considering a criticality of an element in the system 
presenting the security vulnerability and a rating of the severity of the security vulnerability 
within the system. 
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12. (Currently amended) An apparatus for providing automated tracking of security 
vulnerabilities, comprising: 

a memory for storing program instructions; and 

a processor, configured according to the program instructions for performing a security 
vulnerability assessment on a system, detecting the presence of a security vulnerability in the 
system, and responsive to detecting the presence of the security vulnerability: storing data 
obtained from the security vulnerability assessment in a security vulnerability database, 
determining a security vulnerability score based on a plurality of security vulnerability factors 
identified by the security vulnerability assessment and determining a time to fix a security 
vulnerability identified detected by the security vulnerability assessment of the system based on 
the determined security vulnerability score. 

13. (Currently amended) The apparatus of claim 12, wherein the processor considers 
measures a frequency of occurrence of the identified detected security vulnerability in the system 
when determining the security vulnerability factor. 

14. (Previously Presented) The apparatus of claim 13, wherein the processor further 
considers the criticality of an element in the system presenting the security vulnerability and a 
rating of the severity of the security vulnerability when determining the security vulnerability 
factor. 

15. (Previously Presented) The apparatus of claim 12, wherein the processor determines 
an JP address associated with the security vulnerability. 

16. (Currently amended) The apparatus of claim 15, wherein the processor enters the IP 
address and a description of the identified detected security vulnerability in a tracking database. 
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17. (Currently amended) The apparatus of claim 12, wherein the processor identifies 
delinquent security vulnerabilities based upon the determined time to fix the security 
vulnerability identified detected by the security vulnerability assessment. 

18. (Original) The apparatus of claim 17, wherein the processor provides notification of 
the identified delinquencies. 

19. (Previously Presented) The apparatus of claim 17, wherein the processor re-runs a 
scan profile when notification is received that the security vulnerability has been fixed. 

20. (Previously Presented) The apparatus of claim 19, wherein the processor determines 
whether the security vulnerability still exists and archives records associated with the security 
vulnerability when the security vulnerability does not still exist. 

21. (Currently amended) An apparatus for determining a criticality factor for a security 
vulnerability in a computer system, comprising: 

a memory for storing program instructions; and 

a processor, configured according to the program instructions for entering in a database 
security vulnerabilities identified detected in the computer system during a security vulnerability 
assessment, measuring monitoring a frequency of occurrence for the identified detected security 
vulnerabilities and assigning a security vulnerability factor to a security vulnerability based upon 
the frequency of occurrence of the security vulnerability in the system. 

22. (Previously Presented) The apparatus of claim 21, wherein the processor considers a 
criticality of an element in the system presenting the security vulnerability and a rating of the 
severity of the security vulnerability within the system when assigning a security vulnerability 
factor. 

23. (Currently amended) An apparatus for providing automated tracking of security 
vulnerabilities, comprising: 
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means for storing program instructions; and 

means configured according to the program instructions provided by the means for 
storing for performing a security vulnerability assessment on a system, detecting the presence of 
a security vulnerability in the system, and responsive to detecting the presence of the security 
vulnerability: storing data obtained from the security vulnerability assessment in a security 
vulnerability database, determining a security vulnerability score based on a plurality of security 
vulnerability factors identified by the security vulnerability assessment and determining a time to 
fix a security vulnerability identified detected by the security vulnerability assessment of the 
system based on the determined security vulnerability score. 

24. (Currently amended) An apparatus for determining a criticality factor for a security 
vulnerability in a computer system, comprising: 

means for storing program instructions; and 

means configured according to the program instructions provided by the means for 
storing for entering in a database security vulnerabilities identified detected in the computer 
system during a security vulnerability assessment, measuring monitoring a frequency of 
occurrence for the identified detected security vulnerabilities and assigning a security 
vulnerability factor to a security vulnerability based upon the frequency of occurrence of the 
security vulnerability in the system. 

25. (Currently amended) A program storage device readable by a computer, the program 
storage device tangibly embodying one or more programs of instructions executable by the 
computer to perform a method for providing automated tracking of security vulnerabilities, the 
method comprising: 

performing a security vulnerability assessment on a system; 
detecting the presence of a security vulnerability in the system; and 
responsive to detecting the presence of the security vulnerability: 

storing data obtained from the security vulnerability assessment in a vulnerability 
database; 
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determining a security vulnerability score based on a plurality of security 
vulnerability factors identified by the security vulnerability assessment; and 

determining a time to fix a security vulnerability identified detected by the 
security vulnerability assessment of the system based on the determined security 
vulnerability score. 

26. (Currently amended) A program storage device readable by a computer, the program 
storage device tangibly embodying one or more programs of instructions executable by the 
computer to perform a method for determining a criticality factor for a security vulnerability in a 
computer system, the method comprising: 

entering in a database security vulnerabilities identified detected in the computer system 
during a security vulnerability assessment; 

measuring monitoring a frequency of occurrence for the identified detected security 
vulnerabilities; and 

assigning a security vulnerability factor to a security vulnerability based upon the 
frequency of occurrence of the security vulnerability in the system. 
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